postfix authentication

Hi,
I am administering a server and i must accept that I am a total newbie. I have followed the "The Perfect Server – CentOS 6.3 x86_64 (Apache2, Dovecot, ISPConfig 3)" to setup the server. Everything is ok in it, we do not have any problem in sending/receiving mail except that Postfix is allowing mails within the same domain without authentication.
example : my domain is xyz.com and I have two mail boxes. [email protected] and [email protected] . Now in the mail client (Thunderbird) of [email protected] , i have given smtp authentication method as "no authentication" and [email protected] is trying to send a mail to [email protected] , still the mail is getting delivered. Can you please guide me or point me to the setting which might be causing it.

This is my output of postconf -n . In the result I have just modified myhostname and smtp_bind_address.

Hi falko
Thanks for the reply.
But in my case , the ip from which the mail is coming is not listed in mynetworks.
And i did not understand what you meant by rdcipient.

The recipients of the mails which are coming unauthorized are all virtual mailbox.
And just today I had to remove the setting smtpd_reject_unlisted_sender = yes , otherwise all the system mails were getting blocked.

There are two scenarios where users don't have to authenticate:
1) You send to a rdcipient who is on the server.

Click to expand...

Then isn't that a security issue? That means i can send mails to any user in our domain and that mail might look like as if the mail has been sent by our MD . I can then send any type of mail to [email protected] and [email protected] will think that the mail has been sent by [email protected] , but in reality the mail has actually been sent by [email protected] - but there is no reference of [email protected] in the mail.

Sorry Falko but I can not agree with that.
I have another domain which is not on this dedicated server , but is on a shared hosting on a windows server of ixwebhosing.com .
When I am trying to send mail to one of the mailbox of this domain using a fake and non existant userid of the same domain , the mail server is not allowing me to send it.
And that is also SMTP protocol .

hi Falko
I think you misunderstood my first post (the original post with the problem).

When I am trying to send mail to one of the mailbox of this domain using a fake and non existant userid of the same domain , the mail server is not allowing me to send it.

Click to expand...

This is the problem that I am facing in the dedicated server - I am able to send mail to one of the mailbox of this domain using a fake and non existant userid of the same domain.
Shared windows hosting server is not allowing it , but the dedicated server (The Perfect Server – CentOS 6.3 x86_64 (Apache2, Dovecot, ISPConfig 3) is allowing it.